Privacy Notice

Privacy Notice

 

Last Updated: July 2026

About this Notice

This Privacy Notice explains how KCurryVA collects, uses, stores and protects Personal Data.

It also explains your rights and how to contact us if you have any questions or concerns about the way your Personal Data is processed.

This document forms part of the KCurryVA Governance Framework.

  1. Who We Are

KCurryVA provides specialist operational support services to health and work professionals throughout the United Kingdom.

Depending on the services being provided, KCurryVA may act as either:

  • Data Controller, when processing Personal Data for its own business purposes.
  • Data Processor, when processing Personal Data on behalf of a client under their instructions.
  1. Personal Data We Collect

The categories of Personal Data we collect depend on how you interact with KCurryVA.

These may include:

Identity Data

  • Name
  • Job title
  • Organisation

Contact Data

  • Email address
  • Telephone number
  • Business address

Enquiry Data

  • Information provided through website enquiries
  • Contact form submissions
  • Meeting requests
  • Correspondence

Client Relationship Data

  • Project information
  • Communications
  • Meeting notes
  • Contractual records

Technical Data

  • IP address
  • Browser type
  • Device information
  • Website usage
  • Cookie preferences

Financial Data

Where applicable:

  • Invoice information
  • Payment references
  • Transaction records

KCurryVA does not intentionally collect Special Category Personal Data unless this is necessary as part of services provided on behalf of a client.

  1. How We Collect Personal Data

Personal Data may be collected when you:

  • visit our website;
  • submit an enquiry;
  • contact us by email;
  • engage our services;
  • communicate with us during a project;
  • make a payment;
  • interact with our website through cookies and analytics.
  1. Why We Process Personal Data

Personal Data is processed for purposes including:

  • responding to enquiries;
  • providing operational support services;
  • managing client relationships;
  • delivering contractual obligations;
  • processing payments;
  • maintaining business records;
  • complying with legal obligations;
  • maintaining the security of our systems;
  • improving our website and services.
  1. Lawful Bases for Processing

Depending on the circumstances, Personal Data is processed under one or more of the following lawful bases:

  • Contract
  • Legal Obligation
  • Legitimate Interests
  • Consent (where required)
  1. Third-Party Service Providers

KCurryVA uses carefully selected third-party providers to support the operation of the business.

These currently include:

Provider

Purpose

Microsoft Outlook

Email communications

Microsoft OneDrive

Secure document storage

WordPress

Website platform

IONOS

Website hosting

Google Analytics

Website analytics

Google Search Console

Website performance monitoring

OpenAI (ChatGPT)

Drafting and business productivity in accordance with the AI Usage Policy

Canva

Design and marketing materials

QuickBooks

Accounting and financial management

FreeAgent

Accounting and financial management

Stripe

Payment processing

PayPal

Payment processing

Each provider processes Personal Data in accordance with its own privacy practices and applicable legal obligations.

  1. Sharing Personal Data

KCurryVA will only share Personal Data where:

  • required to deliver contracted services;
  • instructed by a client acting as the Data Controller;
  • required by law;
  • necessary to protect legal rights or prevent fraud.

KCurryVA does not sell Personal Data.

  1. International Transfers

Where Personal Data is transferred outside the United Kingdom, appropriate safeguards will be implemented in accordance with UK data protection legislation.

  1. Data Security

KCurryVA implements appropriate technical and organisational measures to protect Personal Data against accidental loss, unauthorised access, disclosure, alteration or destruction.

Further information is available within the Information Security Statement (IS-020).

  1. Data Retention

Personal Data is retained only for as long as necessary to fulfil the purpose for which it was collected, comply with legal obligations and resolve disputes where necessary.

Retention periods are managed in accordance with the Data Retention Schedule (DP-035).

  1. Your Rights

Subject to UK data protection legislation, you may have the right to:

  • request access to your Personal Data;
  • request correction of inaccurate Personal Data;
  • request erasure;
  • request restriction of processing;
  • object to processing;
  • request data portability;
  • withdraw consent where processing is based upon consent.

Requests should be submitted to:

KCurryVA@outlook.com

  1. Data Protection Complaints

If you have concerns about how your Personal Data has been processed, you may submit a complaint by email to:

KCurryVA@outlook.com

Complaints will be handled in accordance with the Data Protection Complaints Policy (DP-015).

If you remain dissatisfied after receiving our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

  1. Artificial Intelligence

KCurryVA may use artificial intelligence tools to support business operations, including drafting, summarisation, administrative assistance and workflow improvement.

AI tools are used responsibly and in accordance with the AI Usage Policy (AI-010).

Appropriate safeguards are implemented to protect confidential information and Personal Data.

  1. Changes to this Privacy Notice

This Privacy Notice may be updated periodically to reflect changes in legislation, regulatory guidance or business operations.

The latest version will always be available on the KCurryVA website.

Contact

If you have any questions regarding this Privacy Notice or how KCurryVA processes Personal Data, please contact:

KCurryVA

Email: KCurryVA@outlook.com

Website: www.kcurryva.co.uk

Related Documents

  • DP-005 Cookie Policy
  • DP-010 Data Processing Agreement
  • DP-015 Data Protection Complaints Policy
  • AI-010 AI Usage Policy
  • IS-020 Information Security Statement

Version History

Version

Date

Summary of Changes

Approved By

2.0

10 July 2026

Complete rewrite following implementation of the KCurryVA Governance Framework

Business Owner